SAML Authentication for Nasuni and SMB Multi-User Providers

Last updated on July 20, 2021

Access Anywhere version 1906.07 introduced two new connectors, Nasuni and SMB Multi-User, that allow org. members to access shared SMB storage through Access Anywhere using their own SMB accounts.

This approach was only available to org. members who authenticated as Access Anywhere users through the LDAP system that contained the access controls for the SMB storage accessed through the connectors.

Starting in Access Anywhere v2106 users can also access SMB storage after authenticating with SAML.

Provider Configuration

To allow users who authenticate with SAML to use an SMB provider, the org. admin should first add the provider and then adjust its configuration. Two options on the provider settings page control SAML access:

Allow SAML login - Turn this option On to allow access by users who authenticate with SAML.

Force username - This option is only visible if “Allow SAML login” is set to On. It determines whether the user’s SAML username will be used to access the SMB storage or if the user can provide a different username. If the option is On then the SAML username will be used; if it is Off then the user can provide a different username.

User Access

When a user who authenticates through SAML has been granted access to one or more SMB Multi-User or Nasuni providers that allow SAML logins, the first time she logs in a page will be displayed on which she can set her LDAP credentials for each provider.

As the screen shot shows, when providers share an authentication system they are grouped into Storage Groups and it is only necessary to enter the credentials for once for the group.

Changing Credentials

When a user's LDAP credentials change they can be updated by accessing the same page from Access Anywhere's Organization menu on the menu bar at the top of the page.

The page can also be accessed this way to set credentials that were not set at the time of the user's first login.